* [Qemu-devel] [PATCH] linux-user: fail execve() if env/args too big
From: Ulrich Hecht @ 2012-01-31 11:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial

If the host's page size is equal to or smaller than the target's, native
execve() will fail appropriately with E2BIG if called with too big an
environment for the target to handle. It may falsely succeed, however, if
the host's page size is bigger, and feed the executed target process an
environment that is too big for it to handle, at which point QEMU barfs and
exits, confusing procmail's autoconf script and causing the build to fail.

This patch makes sure that execve() will return E2BIG if the environment is
too large for the target.

Signed-off-by: Ulrich Hecht <uli@suse.de>
---
 linux-user/syscall.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 2bf9e7e..fba3f29 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4797,6 +4797,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
             abi_ulong guest_envp;
             abi_ulong addr;
             char **q;
+            int total_size = 0;
 
             argc = 0;
             guest_argp = arg2;
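Review bot: `total_size` is declared `int` but accumulates `strlen(*q) + 1`, a `size_t`, over every argv and envp string, so a large enough guest argument list can wrap it and make the later `> MAX_ARG_PAGES * TARGET_PAGE_SIZE` comparison accept a total it should reject. Declaring it `size_t` (or `abi_ulong`, matching the other sizes in this block) removes the signed overflow.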
@@ -4828,6 +4829,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                     break;
                 if (!(*q = lock_user_string(addr)))
                     goto execve_efault;
+                total_size += strlen(*q) + 1;
             }
             *q = NULL;
 
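Review bot: the total is only compared against the limit after both loops have completed, so an oversized argv still gets every one of its strings locked with `lock_user_string()` before the request is rejected. Comparing `total_size` against `MAX_ARG_PAGES * TARGET_PAGE_SIZE` inside the loop and breaking out on the first excess would fail fast and bound how much guest memory is locked on the error path; the `*q = NULL` terminator after the loop already keeps the cleanup walk correct when the loop exits early.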
@@ -4839,9 +4841,16 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                     break;
                 if (!(*q = lock_user_string(addr)))
                     goto execve_efault;
+                total_size += strlen(*q) + 1;
             }
             *q = NULL;
 
+            /* This case will not be caught by the host's execve() if its
+               page size is bigger than the target's. */
+            if (total_size > MAX_ARG_PAGES * TARGET_PAGE_SIZE) {
+                ret = -TARGET_E2BIG;
+                goto execve_end;
+            }
             if (!(p = lock_user_string(arg1)))
                 goto execve_efault;
             ret = get_errno(execve(p, argp, envp));
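Review bot: the check counts only the argv and envp string bytes; the pathname in `arg1`, locked immediately after the check, and the argv/envp pointer arrays are not included, so the total is somewhat smaller than what the target loader has to place on the stack. If the loader budgets those against the same `MAX_ARG_PAGES` area, add them to `total_size` (or leave a margin) so an exec just under this limit does not still fail on the target side. A one-line comment noting that `execve_end` is the right label here because `p` has not been locked yet would also help the next reader.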
-- 
1.7.1


* Re: [Qemu-devel] [Qemu-trivial] [PATCH] linux-user: fail execve() if env/args too big
From: Stefan Hajnoczi @ 2012-02-09  8:30 UTC (permalink / raw)
  To: Ulrich Hecht; +Cc: qemu-trivial, qemu-devel

On Tue, Jan 31, 2012 at 12:43:16PM +0100, Ulrich Hecht wrote:
> If the host's page size is equal to or smaller than the target's, native
> execve() will fail appropriately with E2BIG if called with too big an
> environment for the target to handle. It may falsely succeed, however, if
> the host's page size is bigger, and feed the executed target process an
> environment that is too big for it to handle, at which point QEMU barfs and
> exits, confusing procmail's autoconf script and causing the build to fail.
> 
> This patch makes sure that execve() will return E2BIG if the environment is
> too large for the target.
> 
> Signed-off-by: Ulrich Hecht <uli@suse.de>
> ---
>  linux-user/syscall.c |    9 +++++++++
>  1 files changed, 9 insertions(+), 0 deletions(-)

Thanks, applied to the trivial patches tree:
https://github.com/stefanha/qemu/commits/trivial-patches

Stefan

